Hey Roo Thorp,
I think this is because we added the scope_name and collection_name field to the UserRole model that gets serialized for the Couchbase API (/pkg/util/couchbaseutil/types.go) and it looks like we forgot the omitempty to the field tags.
So after more digging, this doesn't seem to be the case. I don't see any reason why this would happen, could you turn on debug mode for the operator and give me some better output? It looks like the bucket is being left off the role definition, which doesn't seem possible.
I spun up a 6.6.5 and a 7.0.3 cluster and reproduced the call that would generate your error:
curl -v -X PUT -u couchbase:<REDACTED> http://<REDACTED>:8091/settings/rbac/users/local/jashworth -d password=Foo123! -d 'roles=data_reader'
as you can see this leaves off the bucket definition in the request and results in your exact error message. And to be clear, this request fails on both 6.6.5 and 7.0.3, so I'm not sure why the POST 7.0.0 test works and the PRE 7.0.0 test fails.
So can you dig a bit deeper and see if you can provide me a set of logs for this error i can comb over?